| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | pkg/host: move from host | Dmitry Vyukov | 2017-06-17 | 1 | -164/+0 |
| | | |||||
| * | all: use osutil.IsExist instead of os.Stat | Dmitry Vyukov | 2017-06-17 | 1 | -7/+4 |
| | | |||||
| * | sys, executor: extract tcp sequence numbers from /dev/net/tun | Andrey Konovalov | 2017-05-26 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds a new pseudo syscall syz_extract_tcp_res, that reads a packet from /dev/net/tun and extracts tcp sequence numbers to be used in subsequent packets. As a result this syzkaller program: mmap(&(0x7f0000000000/0x10000)=nil, (0x10000), 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x10) listen(r0, 0x5) syz_emit_ethernet(0x36, &(0x7f0000002000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="4c6112cc15d8", [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @tcp={{0x1, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}) syz_extract_tcp_res(&(0x7f0000003000)={<r1=>0x42424242, <r2=>0x42424242}, 0x1, 0x0) syz_emit_ethernet(0x38, &(0x7f0000004000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @remote={[0xbb, 0xbb, 0xbb, 0xbb, 0xbb], 0x0}, [], {{0x800, @ipv4={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x6, 0x0, @remote={0xac, 0x14, 0x0, 0xbb}, @local={0xac, 0x14, 0x0, 0xaa}, {[]}}, @tcp={{0x1, 0x0, r2, r1, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, {[]}}, {"0c10"}}}}}}) r3 = accept$inet(r0, &(0x7f0000005000)={0x0, 0x0, @multicast1=0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000006000)=0x10) established a TCP connection: Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN 5477/a.out tcp 2 0 172.20.0.170:20000 172.20.0.187:20001 ESTABLISHED 5477/a.out Similar program for IPv6: mmap(&(0x7f0000000000/0x10000)=nil, (0x10000), 0x3, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x1, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, 0x1c) listen(r0, 0x5) syz_emit_ethernet(0x4a, &(0x7f0000001000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="de895db1468d", [], {{0x86dd, @ipv6={0x0, 0x6, "a228af", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @tcp={{0x0, 0x1, 0x42424242, 0x42424242, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}}) syz_extract_tcp_res(&(0x7f0000002000)={<r1=>0x42424242, <r2=>0x42424242}, 0x1, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000003000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x0}, @random="de895db1468d", [], {{0x86dd, @ipv6={0x0, 0x6, "a228af", 0x14, 0x6, 0x0, @remote={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xbb}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xaa}, {[], @tcp={{0x0, 0x1, r2, r1, 0x0, 0x0, 0x5, 0x10, 0x0, 0x0, 0x0, {[]}}, {""}}}}}}}) r3 = accept$inet6(r0, &(0x7f0000004000)={0x0, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0}, &(0x7f0000005000)=0x1c) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp6 0 0 :::20001 :::* LISTEN 5527/a.out tcp6 0 0 fe80::aa:20001 fe80::bb:20000 ESTABLISHED 5527/a.out | ||||
| * | host: open /dev/net/tun to check if syz_emit_ethernet is enabled | Andrey Konovalov | 2017-02-17 | 1 | -1/+4 |
| | | |||||
| * | host: support syz_open_dev$char/block | Dmitry Vyukov | 2017-02-10 | 1 | -0/+5 |
| | | |||||
| * | sys, executor: more kvm improvements | Dmitry Vyukov | 2017-01-12 | 1 | -0/+2 |
| | | | | | | | | 1. Basic support for arm64 kvm testing. 2. Fix compiler warnings in x86 kvm code. 3. Test all pseudo syz calls in csource. 4. Fix handling of real code in x86. | ||||
| * | sys: extend kvm support | Dmitry Vyukov | 2017-01-09 | 1 | -2/+7 |
| | | | | | | | Add new pseudo syscall syz_kvm_setup_cpu that setups VCPU into interesting states for execution. KVM is too difficult to setup otherwise. Lots of improvements possible, but this is a starting point. | ||||
| * | sys: replace syz_open_dev with openat | Dmitry Vyukov | 2017-01-09 | 1 | -0/+15 |
| | | | | | | In lots of cases we don't need the special syz_open_dev call, openat will do just fine. Standard syscalls are preferrable, so use them. | ||||
| * | executor: emit ethernet traffic | Andrey Konovalov | 2016-11-29 | 1 | -0/+3 |
| | | |||||
| * | sys: add string flags | Dmitry Vyukov | 2016-11-11 | 1 | -12/+18 |
| | | | | | | | | | | | Allow to define string flags in txt descriptions. E.g.: filesystem = "ext2", "ext3", "ext4" and then use it in string type: ptr[in, string[filesystem]] | ||||
| * | sys: always use pointers to types | Dmitry Vyukov | 2016-11-11 | 1 | -5/+5 |
| | | | | | | | | | Currently we store most types by value in sys.Type. This is somewhat counter-intuitive for C++ programmers, because one can't easily update the type object. Store pointers to type objects for all types. It also makes it easier to update types, e.g. adding paddings. | ||||
| * | sys, prog: add tests for description parsing and serialization | Dmitry Vyukov | 2016-09-28 | 1 | -0/+2 |
| | | | | | | | | | | | Add sys/test.txt file with description of syscalls for tests. These descriptions can be used to ensure that we can parse everything we clain we can parse. Use these descriptions to write several tests for exec serialization (one test shows that alignment handling is currently incorrect). These test descriptions can also be used to write e.g. mutation tests. Update #78 | ||||
| * | host: detect at least some unsupported syscalls if kallsyms is not available | Dmitry Vyukov | 2016-08-13 | 1 | -10/+10 |
| | | | | | We know how to detect availability of at least some syscalls without kallsyms. Do it. | ||||
| * | sys: terminate string constants with \x00 | Dmitry Vyukov | 2016-02-05 | 1 | -2/+2 |
| | | | | | | C expects string constants to be zero terminated. It worked to some degree probably because most memory is zeros in executor. | ||||
| * | sys: open a bunch of new devices | Dmitry Vyukov | 2016-01-26 | 1 | -3/+15 |
| | | |||||
| * | sys: allow to open all devices as stopgap | Dmitry Vyukov | 2016-01-24 | 1 | -1/+1 |
| | | |||||
| * | sys: introduce a generic syz_open_dev helper syscall | Dmitry Vyukov | 2016-01-13 | 1 | -8/+17 |
| | | |||||
| * | sys: add support for /dev/snd/control | Dmitry Vyukov | 2016-01-13 | 1 | -0/+3 |
| | | |||||
| * | host: detect more unsupported syscalls | Dmitry Vyukov | 2015-12-28 | 1 | -9/+42 |
| | | |||||
| * | host: detect unsupported syscalls | Dmitry Vyukov | 2015-12-27 | 1 | -0/+69 |
| Also detect transitively unsupported syscalls, that is, syscalls for which all syscalls that can create input arguments are disabled. | |||||
 |
index : syz | |
| Unnamed repository; edit this file 'description' to name the repository. | root |
| aboutsummaryrefslogtreecommitdiffstats |